New research shows just how fragile many “secure” passwords really are. Using a single high‑end graphics card, researchers were able to crack the majority of common password hashes in under an hour, nearly half in less than a minute. Even more concerning for Canadian SMBs, attackers don’t need expensive hardware of their own; cloud-based computing power can be rented cheaply to do the same job. If passwords are protected only by older, fast hashing methods like MD5, they offer little real protection once stolen in a data breach.
The reason passwords are so easy to break hasn’t changed much: predictability. Millions of leaked passwords follow the same patterns, making them easier to guess even when they meet “complexity” rules. Despite years of awareness campaigns, passwords are actually slightly easier to crack today than they were just a couple of years ago, thanks to faster hardware and unchanged user habits. This puts SMBs at risk, especially those relying on passwords as their primary, or only, line of defence for email, cloud services, and remote access.
The takeaway isn’t that passwords should disappear overnight, but that they should no longer stand alone. Strong security today means layering protections: multi‑factor authentication (preferably biometrics), proper identity and access management, endpoint protection, and a zero‑trust mindset that limits how far an attacker can move even if one account is compromised. Just as importantly, this is an organizational responsibility, not something to offload onto employees with ever‑changing password rules. For Canadian SMBs, upgrading the user security stack isn’t about checking a compliance box, it’s about putting another locked door behind the first one, before someone finds out how easy it is to force their way in.
Original article courtesy of TheRegister.com
Enhance Your Business Security with Expert Cybersecurity Solutions. Click here to learn more and download shawcsIT’s free services overview catalogue.